https://bz.apache.org/bugzilla/show_bug.cgi?id=61355
--- Comment #8 from William A. Rowe Jr. <[email protected]> --- (In reply to Axel Reinhold from comment #7) > sorry - i do not understand your question. In apaches http_core.c the > schemas apache uses are fixed to http and https - see this comment in > http_scheme(): > > /* > * The http module shouldn't return anything other than > * "http" (the default) or "https". > */ > > so i reduced the patch also to these protocols. That makes sense! > I needed this behaviour not in an intranet environment but in a real-live > website which is running behind haproxy which also does SSL-offloading. This > page uses an iframe in which links to directories are generated - these were > redirected to trailing-slash versions by mod_dir with the wrong protocol. So > i needed this solution and did not like the ServerName solution, because > this does not work when both http and https are available. In apache the > config is only available once, because of the haproxy loadbalancer in front > of apache and apache sees no difference in the requests other than the > x-forwarded-proto header. So I just want to clarify, both PROXY protocol and RemoteIPInternalProxy lists represent the intranet, absolutely safe routes which can be trusted, so they should toggle the decoding of the designated RemoteIPProtoHeader. If the route comes instead only through RemoteIPTrustedProxy or through unrecognized proxies, the protocol should not be overridden, IMO. Would you concur? Looks like we are close to having a patch to commit to trunk for further feedback and potential backporting. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
